Enterprises seeking to expand their brand or their access in previously untapped foreign markets or industries often take a non-controlling, non-majority position in a joint venture that will operate in the foreign locale. The strategy is to engage with other business partners with more localized expertise, and contribute capital and some assets in exchange for equity (and profits) in the joint venture—a separate legal entity with primarily its own management and employees.
The benefits can be alluring to companies seeking to gradually test foreign waters, including the lack of responsibility for managing the joint venture’s operations and potential limited liability as a result of not operating or controlling the joint venture (known as a “non-operated joint venture” or “NOJV”).
Due to the lack of operational responsibility for a NOJV (particularly one that may exist in a remote location away from normal business operations), joint venture non-operators often adopt a hands-off, arm’s-length approach to the NOJV and may not pay enough attention to the risk and compliance issues facing the joint venture itself. Risk and compliance issues, from bribes to foreign officials, to export control violations, to flawed structural plans (as in the Deepwater Horizon oil spill disaster), can devastate the joint venture’s business and expose even non-operating parties to financial losses, reputational harm, and potential regulatory fines and sanctions. The reality is that customers, regulators, and prosecutors are not overly concerned with non-operating status when they are looking for accountability. This article provides best practices for parties contemplating an international NOJV, focusing on how best to obtain the benefits of being a “non-operator” while also protecting your own company’s interests through engagement with the NOJV’s compliance and enterprise risk management programs.
BEST PRACTICE 1: GET TO KNOW YOUR CO-VENTURERS AND JOINT VENTURE OPERATORS
A non-operator contemplating a NOJV first should become familiar with the compliance and risk management posture of its co-venture partners and any entity responsible for the day-to-day management and operations of the joint venture, otherwise called the “operator.” In particular, you should:
- Conduct due diligence on each co-venturer and operator, looking specifically for issues that demonstrate a lack of business integrity.
- Examine co-venturer and operator core values and culture, ensuring that they promote organizational compliance, transparency, and speaking up about problems. This is important for all stakeholders that may have voting rights, positions on the joint venture board or management team, or contributions of personnel, processes, or systems.
- Obtain written commitments from each co-venturer and the operator that they will be committed to compliant and ethical conduct in the operation of the joint venture.
BEST PRACTICE 2: CONDUCT A PRELIMINARY RISK ASSESSMENT OF THE NOJV’S LEGAL AND OPERATIONAL RISKS
If contemplating a NOJV, you next should independently assess the NOJV’s legal and operational risks. By conducting such a risk assessment, you can help all stakeholders prioritize risks and agree on the controls needed to adequately mitigate them. At a high level, an effective process should involve:
- Evaluation of the inherent risks of the NOJV. Considerations include observations from the due diligence described above; the nature and sensitivity of the business that the NOJV will engage in; and the geographic, political, and legal context that the NOJV will operate in (e.g., a country’s Corruption Perceptions Index score).
- Analysis of what will be reasonably needed to mitigate inherent risks by the NOJV, and the existing tools that the co-venturers and operator may lend to the NJOV’s compliance and risk management programs.
- Assessment of the NOJV’s residual risk after implementation of controls, both in terms of direct risk to the NOJV and potential impacts to your business. This process should result in a set of issues, prioritized by likelihood of occurrence and anticipated severity, that become the initial focus for the NOJV’s compliance and risk management programs.
BEST PRACTICE 3: REQUIRE DETAILED COMPLIANCE AND RISK MANAGEMENT PROGRAMS IN THE NOJV DOCUMENTATION
Once you have a good understanding of its co-venturers, joint venture operators, and the legal and operational risks facing the NOJV, the next step is to require detailed compliance and risk management program frameworks as part of the joint venture’s bylaws, operating agreement, or other foundational documents. In particular, non-operators should require:
- Adoption and implementation of a compliance and ethics program consistent with applicable standards (i.e., ISO 19600 and 37001; Section 8B2.1 of the U.S. Sentencing Guidelines). Although these programs may already exist within a co-venturer’s or operator’s own organization, it is important for the NOJV to have its own dedicated compliance resources.
- Periodic risk assessments conducted by the joint venture to address legal and operational risks that may arise or change over the course of the joint venture.
- Reporting and escalation processes to ensure the NOJV periodically informs the non-operator about compliance and risk issues and trends, and also immediately reports on any matters pre-defined by you.
- Access to all NOJV personnel, records, information, databases, and systems needed for you to conduct your own independent compliance program effectiveness investigation or risk assessment evaluations of the NOJV.
BEST PRACTICE 4: ENGAGE INTERNAL COMPLIANCE AND RISK MANAGEMENT FUNCTIONS
You should include NOJV assets in any periodic compliance and ethics program and enterprise risk management reviews to ensure that internal compliance and risk management teams remain mindful of NOJV issues and are able to provide feedback and guidance to the NOJV as appropriate. Any of your company’s personnel involved in management of the NOJV or seconded to its operations also need to be alert to legal and operational risk issues and should be trained specifically on when to engage with your company’s core risk management and compliance functions.
BEST PRACTICE 5: REVIEW NOJV REPORTING AND CONDUCT AUDITS OF THE NOJV
Throughout the course of the NOJV, you should exercise diligence in reviewing the compliance and risk management reporting from the NOJV and:
- Exercise audit rights periodically, particularly to validate the operation of the NOJV’s infrastructure in risk mitigation and detection and prevention of non-compliant conduct.
- Consider the conditions under which greater involvement or additional assurances from the NOJV or co-venturing parties may be prudent, such as participating in internal investigations involving issues central to the viability and continuation of the NOJV.
BEST PRACTICE 6: HAVE AN EXIT PLAN AND STRATEGY
In the event that you are aggrieved by the risk management or compliance posture of the NOJV and are unable to force action or measures to remediate concerns, it is important to ensure that there are appropriate terms and conditions in the joint venture agreement and NOJV operating documents allowing you to withdraw from participation in the NOJV without permission of the other co-venturers. While such a withdrawal may have a number of ancillary impacts and consequences, non-operators should preserve the ability to walk away from a relationship where the risk and compliance issues are considered too great and harmful to their own business.
About the Authors:
Randy Cook and Michael Garson are Senior Managing Directors with Ankura Consulting (www.ankuraconsulting.com), a full-service business advisory firm that assists clients in the design, development, and implementation of their compliance, ethics, and risk management programs. Both Randy and Michael have extensive experience in the legal and internal operations departments of large multinational corporations and advise companies on compliance, ethics, and risk issues in both domestic and international joint ventures. Randy can be reached at email@example.com and Michael can be reached at firstname.lastname@example.org.